Reinoud van Leeuwen <reinoud@xs4all.nl> writes:
> Is there any reason why the grolist field in the table pg_group is
> implemented as an array and not as a separate table?
It's easier to cache a single entry per group in the GRONAME and GROSYSID
syscaches than a bunch of them. The design is optimized for the
needs of the system's internal permissions-checking code, not for
the convenience of people trying to interrogate pg_group in SQL.
> I have trouble implementing a way to easily check whether a user is part
> of a group.
Perhaps you could create a table that has no purpose except to be a
permissions-check target, and set it up to have permissions granted only
to the group you care about. Then use has_table_privilege().
In the long run I'd have no objection to adding an is_group_member()
function (need a better choice of name, perhaps) to cater to this sort
of request. Too late for 7.3 though.
regards, tom lane
